npm - @sassoftware/sas-score-mcp-serverjs - Versions diffs - 0.3.19 → 0.3.29-0 - Mend

@sassoftware/sas-score-mcp-serverjs 0.3.19 → 0.3.29-0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/cli.js +23 -24
package/openApi.yaml +121 -121
package/package.json +2 -2
package/src/createMcpServer.js +2 -1
package/src/expressMcpServer.js +68 -28
package/src/handleGetDelete.js +6 -3
package/src/hapiMcpServer.js +30 -0
package/src/openAPIJson.js +175 -175
package/src/openApi.yaml +121 -121
package/src/toolHelpers/getLogonPayload.js +9 -7
package/src/toolHelpers/getStoreOpts.js +1 -2
package/src/toolHelpers/getToken.js +0 -1
package/src/toolHelpers/refreshToken.js +48 -46
package/src/toolHelpers/refreshTokenOauth.js +2 -2
package/src/toolHelpers/tlogon.js +9 -0
package/src/toolSet/devaScore.js +10 -5
package/src/toolHelpers/getOpts.js +0 -51
package/src/toolHelpers/getOptsViya.js +0 -44

package/cli.js CHANGED Viewed

@@ -16,14 +16,15 @@ import createMcpServer from './src/createMcpServer.js';
 import fs from 'fs';
 import { randomUUID } from 'node:crypto';
-import refreshToken from './src/toolHelpers/refreshToken.js';
-import getOptsViya from './src/toolHelpers/getOptsViya.js';
+//import refreshToken from './src/toolHelpers/refreshToken.js';
+//import getOptsViya from './src/toolHelpers/getOptsViya.js';
+import readCerts from './src/toolHelpers/readCerts.js';
 import { fileURLToPath } from 'url';
 import { dirname } from 'path';
 import NodeCache from 'node-cache';
-import getOpts from './src/toolHelpers/getOpts.js';
+//import getOpts from './src/toolHelpers/getOpts.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -70,7 +71,7 @@ console.error(
 // and storage provided by cloud providers
 console.error(process.env.COMPUTECONTEXT);
 debugger;
-let sessionCache = new NodeCache({ stdTTL: 0, checkperiod: 2 * 60, useClones: false });
+let sessionCache = new NodeCache({ stdTTL: 24 *60*60, checkperiod: 2 * 60, useClones: false });
 //
 // Load environment variables from .env file if present
@@ -167,6 +168,7 @@ const appEnvBase = {
     casSession: null, /* restaf cas session object */
     computeSession: null, /* restaf compute session object */
     viyaCert: null, /* ssl/tsl certificates to connect to viya */
+    appCert: null,
     logonPayload: null, /* viya logon payload  to connect to viya */
     casServerId: null,
     computeSessonId: null,
@@ -179,10 +181,15 @@ const appEnvBase = {
 process.env.APPPORT=appEnvBase.PORT;
 // setup TLS options for viya calls
 console.error('[Note]Viya SSL dir set to: ' + appEnvBase.VIYACERT);
-await getOptsViya(appEnvBase); /* appEnvBase.contexts.viyaCert is set here */
-appEnvBase.tlsOpts = getOpts(appEnvBase);
+appEnvBase.contexts.viyaCert = readCerts(appEnvBase.VIYACERT); /* appEnvBase.contexts.viyaCert is set here */
+// setup TLS options for app server (expressMcpServer or hapiMcpServer)
+console.error('[Note]App SSL dir set to: ' + appEnvBase.SSLCERT);
+appEnvBase.tlsOpts = readCerts(appEnvBase.SSLCERT);
+appEnvBase.contexts.appCert = appEnvBase.tlsOpts; /* just for completeness */
 appEnvBase.contexts.storeConfig = {
   casProxy: true,
   options: { ns: null, proxyServer: null, httpOptions: appEnvBase.contexts.viyaCert }
@@ -205,19 +212,7 @@ if (appEnvBase.TOKENFILE != null) {
   }
 }
-// handle refresh token flow
-// use this for testing only.
-if (appEnvBase.REFRESH_TOKEN != null) {
-  appEnvBase.refreshToken = appEnvBase.REFRESH_TOKEN;
-  appEnvBase.AUTHFLOW = 'refresh';
-  let t = await refreshToken(appEnvBase, { token: appEnvBase.REFRESH_TOKEN, host: appEnvBase.VIYA_SERVER });
-  appEnvBase.contexts.logonPayload = {
-    host: appEnvBase.VIYA_SERVER,
-    authType: 'server',
-    token: t,
-    tokenType: 'Bearer'
-  }
-}
 // if authflow is cli or code, postpone getting logonPayload until needed
@@ -232,16 +227,19 @@ let appEnvTemplate = Object.assign({}, appEnvBase);
 sessionCache.set('appEnvTemplate', appEnvTemplate);
-let transports = {};
+let transports = {
+  "dummy": null
+};
 sessionCache.set('transports', transports);
 // set this for stdio transport use
 // dummy sessionId for use in the tools
 let useHapi = process.env.AUTHFLOW === 'code' ? true : false;
+console.error('[Note] appEnvBase is', JSON.stringify(appEnvBase, null,2));
+// creat a dummy sessionId for stdio since there is only one session and transport in that case, and tools need a sessionId to access the appEnvBase and contexts
+let sessionId = randomUUID();
+sessionCache.set(sessionId, appEnvBase);
 if (mcpType === 'stdio') {
-  let sessionId = randomUUID();
-  sessionCache.set('currentId', sessionId);
-  sessionCache.set(sessionId, appEnvBase);
   console.error('[Note] Setting up stdio transport with sessionId:', sessionId);
   console.error('[Note] Used in setting up tools and some persistence(not all).');
   await coreSSE(mcpServer);
@@ -249,6 +247,7 @@ if (mcpType === 'stdio') {
 } else {
   console.error('[Note] Starting HTTP MCP server...');
   if (useHapi === true) {
+    process.env.AUTHTYPE = null;
     await hapiMcpServer(mcpServer, sessionCache, appEnvBase);
     console.error('[Note] Using HAPI HTTP server...')
   } else {

package/openApi.yaml CHANGED Viewed

@@ -1,121 +1,121 @@
-swagger: "2.0"
-info:
-  title: SAS Viya Sample MCP Server API
-  version: "1.0.0"
-  description: API for interacting with the SAS Viya Sample MCP Server.
-host: localhost:8080
-basePath: /
-schemes:
-  - http
-  - https
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  /health:
-    get:
-      summary: Health check
-      description: Returns health and version information.
-      responses:
-        200:
-          description: Health information
-          schema:
-            type: object
-            properties:
-              name:
-                type: string
-              version:
-                type: string
-              description:
-                type: string
-              endpoints:
-                type: object
-              usage:
-                type: string
-  /apiMeta:
-    get:
-      summary: API metadata
-      description: Returns the OpenAPI specification for this server.
-      responses:
-        200:
-          description: OpenAPI document
-          schema:
-            type: object
-  /mcp:
-    options:
-      summary: CORS preflight
-      description: CORS preflight endpoint.
-      responses:
-        204:
-          description: No Content
-    post:
-      summary: MCP request
-      description: Handles MCP JSON-RPC requests.
-      parameters:
-        - name: body
-          in: body
-          required: true
-          schema:
-            type: object
-        - name: Authorization
-          in: header
-          required: false
-          type: string
-          description: Bearer token for authentication
-        - name: X-VIYA-SERVER
-          in: header
-          required: false
-          type: string
-          description: Override VIYA server
-        - name: X-REFRESH-TOKEN
-          in: header
-          required: false
-          type: string
-          description: Refresh token for authentication
-        - name: mcp-session-id
-          in: header
-          required: false
-          type: string
-          description: Session ID
-      responses:
-        200:
-          description: MCP response
-          schema:
-            type: object
-        500:
-          description: Server error
-          schema:
-            type: object
-    get:
-      summary: Get MCP session
-      description: Retrieves information for an MCP session.
-      parameters:
-        - name: mcp-session-id
-          in: header
-          required: true
-          type: string
-          description: Session ID
-      responses:
-        200:
-          description: Session information
-          schema:
-            type: object
-        400:
-          description: Invalid or missing session ID
-    delete:
-      summary: Delete MCP session
-      description: Deletes an MCP session.
-      parameters:
-        - name: mcp-session-id
-          in: header
-          required: true
-          type: string
-          description: Session ID
-      responses:
-        200:
-          description: Session deleted
-          schema:
-            type: object
-        400:
-          description: Invalid or missing session ID
+swagger: "2.0"
+info:
+  title: SAS Viya Sample MCP Server API
+  version: "1.0.0"
+  description: API for interacting with the SAS Viya Sample MCP Server.
+host: localhost:8080
+basePath: /
+schemes:
+  - http
+  - https
+consumes:
+  - application/json
+produces:
+  - application/json
+paths:
+  /health:
+    get:
+      summary: Health check
+      description: Returns health and version information.
+      responses:
+        200:
+          description: Health information
+          schema:
+            type: object
+            properties:
+              name:
+                type: string
+              version:
+                type: string
+              description:
+                type: string
+              endpoints:
+                type: object
+              usage:
+                type: string
+  /apiMeta:
+    get:
+      summary: API metadata
+      description: Returns the OpenAPI specification for this server.
+      responses:
+        200:
+          description: OpenAPI document
+          schema:
+            type: object
+  /mcp:
+    options:
+      summary: CORS preflight
+      description: CORS preflight endpoint.
+      responses:
+        204:
+          description: No Content
+    post:
+      summary: MCP request
+      description: Handles MCP JSON-RPC requests.
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            type: object
+        - name: Authorization
+          in: header
+          required: false
+          type: string
+          description: Bearer token for authentication
+        - name: X-VIYA-SERVER
+          in: header
+          required: false
+          type: string
+          description: Override VIYA server
+        - name: X-REFRESH-TOKEN
+          in: header
+          required: false
+          type: string
+          description: Refresh token for authentication
+        - name: mcp-session-id
+          in: header
+          required: false
+          type: string
+          description: Session ID
+      responses:
+        200:
+          description: MCP response
+          schema:
+            type: object
+        500:
+          description: Server error
+          schema:
+            type: object
+    get:
+      summary: Get MCP session
+      description: Retrieves information for an MCP session.
+      parameters:
+        - name: mcp-session-id
+          in: header
+          required: true
+          type: string
+          description: Session ID
+      responses:
+        200:
+          description: Session information
+          schema:
+            type: object
+        400:
+          description: Invalid or missing session ID
+    delete:
+      summary: Delete MCP session
+      description: Deletes an MCP session.
+      parameters:
+        - name: mcp-session-id
+          in: header
+          required: true
+          type: string
+          description: Session ID
+      responses:
+        200:
+          description: Session deleted
+          schema:
+            type: object
+        400:
+          description: Invalid or missing session ID

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "0.3.19",
+  "version": "0.3.29-0",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",
@@ -10,7 +10,7 @@
   },
   "type": "module",
   "scripts": {
-    "start": "node  cli.js",
+    "start": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0 node  cli.js",
     "testi": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0 npx @modelcontextprotocol/inspector",
     "test": "cd test && node",
     "debug": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0  node --inspect-brk cli.js",

package/src/createMcpServer.js CHANGED Viewed

@@ -75,8 +75,9 @@ async function createMcpServer(cache, _appContext) {
     let toolName = _appContext.brand + '-' + tool.name;
     // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
     let toolHandler = wrapf(cache, tool.handler);
+    tool.name = toolName; // update tool name with brand prefix for registration
     mcpServer.tool(toolName, tool.description, tool.schema, toolHandler);
     toolNames.push(toolName);
   });
   console.error(`[Note] Registered ${toolSet.length} tools: ${toolNames}`);

package/src/expressMcpServer.js CHANGED Viewed

@@ -6,17 +6,14 @@ import express from "express";
 import https from "https";
 import cors from "cors";
-//import rateLimit from "express-rate-limit";
-//import helmet from "helmet";
 import bodyParser from "body-parser";
 import selfsigned from "selfsigned";
 import openAPIJson from "./openAPIJson.js";
-import fs from "fs";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { randomUUID } from "node:crypto";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+import tlogon from "./toolHelpers/tlogon.js";
 // setup express server
@@ -98,10 +95,9 @@ app.get("/openapi.json", (req, res) => {
 // handle processing of information in header.
 function requireBearer(req, res, next) {
   // process any new header information
+  console.error("=======================================================");
+  console.error("Processing headers for incoming request to /mcp endpoint");
   // Allow different VIYA server per sessionid(user)
   let headerCache = {};
   if (req.header("X-VIYA-SERVER") != null) {
@@ -115,29 +111,44 @@ function requireBearer(req, res, next) {
   if (hdr != null) {
     headerCache.bearerToken = hdr.slice(7);
     headerCache.AUTHFLOW = "bearer";
+    console.error("[Note] Using user supplied bearer token for authorization");
+    console.error("[Debug] Bearer token starts with:", headerCache.bearerToken);
+  } else {
+    console.error("[Note] No bearer token supplied in Authorization header");
+    headerCache.bearerToken = null;
   }
   // faking out api key since Viya does not support
   // not ideal for production
   const hdr2 = req.header("X-REFRESH-TOKEN");
   if (hdr2 != null) {
-    headerCache.refreshToken = hdr2;
+    headerCache.REFRESH_TOKEN = hdr2;
     headerCache.AUTHFLOW = "refresh";
+    console.error("[Note] Using user supplied refresh token for authorization");
   }
   cache.set("headerCache", headerCache);
   next();
+  console.error("Finished processing headers for /mcp request");
+  console.log("=======================================================");
 }
 // process mcp endpoint requests
 const handleRequest = async (req, res) => {
-  let transport;
+  let transport = null;
   let transports = cache.get("transports");
+  console.error("=========================================================");
+  console.error("Processing POST /mcp request");
+  if (transports == null) {
+    console.error("[Error] ***** transports cache is null. This is an error");
+    transports = {};
+    cache.set("transports", transports);
+  }
   console.error("current transports in cache:", Object.keys(transports));
   try {
     let sessionId = req.headers["mcp-session-id"];
-    console.error("========================================================");
-    console.error("post /mcp called with session ID:", sessionId);
+    console.error("[Note]Incoming session ID:", sessionId);
     let body = (req.body == null) ? 'no body' : JSON.stringify(req.body);
     console.error('[Note] Payload is ', body);
     if (/*!sessionId &&*/ isInitializeRequest(req.body)) {
@@ -157,7 +168,7 @@ const handleRequest = async (req, res) => {
       });
       // Clean up transport when closed
       transport.onclose = () => {
-        if (transport.sessionId) {
+        if (transport.sessionId && transports[transport.sessionId]) {
           delete transports[transport.sessionId];
         }
       };
@@ -165,9 +176,11 @@ const handleRequest = async (req, res) => {
       await mcpServer.connect(transport);
       // Save transport data and app context for use in tools
-      console.error('connected mcpServer');
+      console.error('[Note] Connected to mcpServer');
       cache.set("transports", transports);
+      console.error("=======================================================");
       return await transport.handleRequest(req, res, req.body);
       // cache transport
     } else if (sessionId != null) {
@@ -176,8 +189,8 @@ const handleRequest = async (req, res) => {
       console.error("[Note] Found transport:", transport != null);
       if (transport == null) {
         // this can happen if client is holding on to old session id
-        console.error("[Error] No transport found for session ID:", sessionId, "Returning a 400 error with instructions for the user");
-        res.status(400).send(`Invalid or missing session ID ${sessionId}. Please ensure your MCP client is configured to use the correct session ID returned in the 'mcp-session-id' header of the response from the /mcp endpoint.`);
+        console.error("[Error] No transport found for session ID:", sessionId, "Returning a 404 error with instructions for the user");
+        res.status(404).send(`Invalid or missing session ID ${sessionId}. Please ensure your MCP client is configured to use the correct session ID returned in the 'mcp-session-id' header of the response from the /mcp endpoint.`);
         return;
       }
@@ -194,9 +207,15 @@ const handleRequest = async (req, res) => {
         let headerCache = cache.get("headerCache");
         _appContext = Object.assign({}, appEnvTemplate, headerCache);
         cache.set(sessionId, _appContext);
+      } else {
+        let headerCache = cache.get("headerCache");
+        console.error('compare tokens', headerCache.bearerToken === _appContext.bearerToken);
+        _appContext = Object.assign(_appContext, headerCache);
+        console.error('New bearerToken:', _appContext.bearerToken);
+        cache.set(sessionId, _appContext);
       }
       console.error("[Note] Using existing transport for session ID:", sessionId);
+      console.error("==========================================================");
       await transport.handleRequest(req, res, req.body);
       return;
     }
@@ -220,20 +239,27 @@ const handleRequest = async (req, res) => {
   }
 };
 const handleGetDelete = async (req, res) => {
-  console.error(req.method, "/mcp called");
+  console.error("=========================================================");
+  console.error(`[Note] ${req.method} /mcp called`);
   const sessionId = req.headers["mcp-session-id"];
-  console.error("Handling GET/DELETE for session ID:", sessionId);
+  console.error("[Note] SessionId:", sessionId);
   let transports = cache.get("transports");
   let transport = (sessionId == null) ? null : transports[sessionId];
+  console.error("[Note] Transport found:", transport != null);
   if (!sessionId || transport == null) {
-    res.status(400).send(`[Error] In ${req.method}: Invalid or missing session ID ${sessionId}`);
+    res.status(404).send(`[Error] In ${req.method}: Invalid or missing session ID ${sessionId}`);
     return;
   }
-  await transport.handleRequest(req, res);
+  if (req.method === "GET") {
+     await transport.handleRequest(req, res);
+     return;
+  }
   if (req.method === "DELETE" && sessionId != null) {
-    console.error("Deleting transport and cache for session ID:", sessionId);
+    console.error("[Note] Deleting transport and cache for session ID:", sessionId);
     delete transports[sessionId];
     cache.del(sessionId);
+    res.status(201).send(`[Info] Deleted session ${sessionId}`);
   }
 }
@@ -241,26 +267,40 @@ app.options("/mcp", (_, res) => res.sendStatus(204));
 app.post("/mcp", requireBearer, handleRequest);
 app.get("/mcp", handleGetDelete);
 app.delete("/mcp", handleGetDelete);
-app.get("/startup", (_req, res) => {
-  console.error("Received request for startup endpoint");
+app.get("/StartUp", (_req, res) => {
+  console.error("===================================================================")
+  console.error("Received request for Startup  endpoint. Current app status:", appStatus);
+  console.error("===================================================================");
   if (appStatus === false) {
-    return res.status(500).json({ status: "starting" });
+    return res.status(503).json({ status: "starting" });
   }
   return res.status(200).json({ status: "started" });
 });
+app.get("/tlogon", async (_req, res) => {
+  console.error(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Testing logon");
+  if (appStatus === false) {
+     return res.status(503).json({ status: "not ready" });
+  }
+  let r = await tlogon(baseAppEnvContext);
+  console.error(r);
+  return res.status(200).json(r);
+});
 app.get("/status", (_req, res) => {
+  console.error("===================================================================")
   console.error("Received request for status endpoint. Current app status:", appStatus);
+  console.error("===================================================================");
   if (appStatus === false) {
-     return res.status(500).json({ status: "not ready" });
+     return res.status(503).json({ status: "not ready" });
   }
   return res.status(200).json({ status: "ready" });
 });
 app.get("/ready", (_req, res) => {
+  console.error("===================================================================")
   console.error("Received request for ready endpoint. Current app status:", appStatus);
+  console.error("===================================================================")
   if (appStatus === false) {
-     return res.status(500).json({ status: "not ready" });
+     return res.status(503).json({ status: "not ready" });
   }
   return res.status(200).json({ status: "ready" });
 });
@@ -274,12 +314,12 @@ let appServer;
 // get TLS options
 if (appEnvBase.HTTPS === 'TRUE') {
-  //appEnvBase.tlsOpts = getOpts(appEnvBase);
   if (appEnvBase.tlsOpts == null) {
     appEnvBase.tlsOpts = await getTls(appEnvBase);
     console.error(Object.keys(appEnvBase.tlsOpts));
     appEnvBase.tlsOpts.requestCert = false;
     appEnvBase.tlsOpts.rejectUnauthorized = false;
+    appEnvBase.contexts.appCert = appEnvBase.tlsOpts; /* just for completeness */
   }
   cache.set("appEnvBase", appEnvBase);

package/src/handleGetDelete.js CHANGED Viewed

@@ -5,22 +5,25 @@
 async function handleGetDelete(mcpServer, cache, req, h) {
     const sessionId = req.headers["mcp-session-id"];
-    console.error(`Handling ${req.method} for session ID:`, sessionId);
+    console.error("=======================================================");
+    console.error(`[Note] Handling ${req.method} for session ID:`, sessionId);
     let transports = cache.get("transports");
     let transport = transports[sessionId];
     if (!sessionId || transport == null) {
         console.error('[Note] Looks like a fresh start - no session id or transport found');
-        h.abandon;
+        return h.abandon;
     }
      if (req.method === "GET") {
         // You can customize the response as needed
+        console.error("[Note] Payload:", req.payload);
+        console.log("======================================================");
         await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
         return h.abandon;
      }
     if (req.method === "DELETE") {
-        console.error("Deleting transport and cache for session ID:", sessionId);
+        console.error("[Note] Deleting transport and cache for session ID:", sessionId);
         delete transports[sessionId];
         cache.del(sessionId);
         return h.response(`[Info] In DELETE: Session ID ${sessionId} deleted`).code(201);

package/src/hapiMcpServer.js CHANGED Viewed

@@ -126,6 +126,36 @@ async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
           tags: ["mcp"],
         }
       },
+      {
+        method: ["GET"],
+        path: "/ready",
+        options: {
+          handler: async (req, h) => {
+            let status = {status: 1};
+            console.error("Ready check requested, returning:", status);
+            return h.response(status).code(200).type('application/json');
+          },
+          auth: false,
+          description: "probe readiness of the server",
+          notes: "Help",
+          tags: ["mcp"],
+        }
+      },
+      {
+        method: ["GET"],
+        path: "/StartUp",
+        options: {
+          handler: async (req, h) => {
+            let status = { status: 1 };
+            console.error("Startup check requested, returning:", status);
+            return h.response(status).code(200).type('application/json');
+          },
+          auth: false,
+          description: "probe startup of the server",
+          notes: "Help",
+          tags: ["mcp"],
+        }
+      },
       {
         method: ["GET"],
         path: "/apiMeta",